diff --git a/.ansible-lint b/.ansible-lint index 355eeac..18f96c7 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -1,6 +1,6 @@ --- exclude_paths: - - ./molecule + # - ./molecule - ./.travis.yml - ./.github parseable: true diff --git a/.yamllint b/.yamllint index 80f524b..becd79b 100644 --- a/.yamllint +++ b/.yamllint @@ -31,3 +31,9 @@ rules: new-lines: type: unix truthy: disable + quoted-strings: + quote-type: any + required: only-when-needed + key-ordering: disable + document-end: + present: false diff --git a/defaults/main.yml b/defaults/main.yml index a0f9953..bc13997 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -1,8 +1,8 @@ --- ## General -sonarqube_image: sonarqube -sonarqube_db_image: postgres +sonarqube_image: "sonarqube" +sonarqube_db_image: "postgres" sonarqube_http_port: 9000 sonarqube_api_port: 9001 @@ -14,7 +14,7 @@ sonarqube_nofile: 131072 sonarqube_nproc: 8192 # Sonarqube paths -sonarqube_root_path: /var/local +sonarqube_root_path: "/var/local" sonarqube_config_path: "{{ sonarqube_root_path }}/conf/sonarqube" sonarqube_db_user: "changeme" diff --git a/meta/main.yml b/meta/main.yml index 6223b49..952b839 100644 --- a/meta/main.yml +++ b/meta/main.yml @@ -1,25 +1,25 @@ --- galaxy_info: - author: Laur Ivan (laur.ivan@gmail.com) - namespace: laurivan - role_name: sonarqube - description: Sonarqube Role + author: "Laur Ivan (laur.ivan@gmail.com)" + namespace: "laurivan" + role_name: "sonarqube" + description: "Sonarqube Role" min_ansible_version: "2.4" min_ansible_container_version: "2.4" - license: MIT + license: "MIT" galaxy_tags: - - sonarqube - - testing - - security + - "sonarqube" + - "testing" + - "security" platforms: - - name: Debian + - name: "Debian" versions: - - bullseye - - buster + - "bullseye" + - "buster" - - name: Ubuntu + - name: "Ubuntu" versions: - - bionic - - focal - - jammy + - "bionic" + - "focal" + - "jammy" diff --git a/molecule/default/cleanup.yml b/molecule/default/cleanup.yml index f741422..70d904d 100644 
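Review bot: The added `quoted-strings` rule in `.yamllint` sets `required: only-when-needed`, which per yamllint's documentation reports quotes on scalars that would parse identically without them. The rest of this commit adds exactly such quotes (`"sonarqube"`, `"absent"`, `"all"`). If the intent is to enforce quoting everywhere, the setting should be `required: true`; as written, the `yamllint .` step in `molecule/default/molecule.yml` would be expected to flag the newly quoted values. Running the linter against this tree before merging would settle it.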
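Review bot: `sonarqube_image: "sonarqube"` and `sonarqube_db_image: "postgres"` in the first `defaults/main.yml` hunk carry no tag or digest. Unless the compose template (not visible in this diff) appends a version, each deploy pulls whatever `latest` resolves to at that moment. Consider a separate version variable or an `image@sha256:<digest>` reference, plus a short comment above the two variables stating which form callers are expected to supply.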
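Review bot: `sonarqube_db_user: "changeme"` at the end of the second `defaults/main.yml` hunk is a placeholder that is deployed as-is if the caller forgets to override it, and nothing visible in the role checks for that. A comment above it such as `# Override in inventory or vault; never deploy the placeholder` would help. So would an `ansible.builtin.assert` at the top of `tasks/config.yml` that rejects the placeholder value, which makes the failure explicit. Any password default that follows outside the hunk would want the same treatment.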
--- a/molecule/default/cleanup.yml +++ b/molecule/default/cleanup.yml @@ -1,27 +1,27 @@ --- -- name: Clean up - hosts: all +- name: "Clean up" + hosts: "all" gather_facts: true tasks: - - name: Load the defaults + - name: "Load the defaults" ansible.builtin.include_vars: dir: "../../defaults" - - name: Check if the docker-compose file exists. + - name: "Check if the docker-compose file exists." ansible.builtin.stat: - path: "{{ sonarqube_config_path | expanduser | realpath }}/docker-compose.yml" - register: docker_compose_file + path: "{{ sonarqube_config_path | expanduser | realpath }}/docker-compose.yml" + register: "docker_compose_file" - - name: Remove docker-compose. + - name: "Remove docker-compose." community.docker.docker_compose: - project_src: "{{ sonarqube_config_path | expanduser | realpath }}/" + project_src: "{{ sonarqube_config_path | expanduser | realpath }}/" build: false - state: absent - when: docker_compose_file.stat.exists + state: "absent" + when: "docker_compose_file.stat.exists" become: false - - name: Remove the docker-compose file + - name: "Remove the docker-compose file" ansible.builtin.file: - path: "{{ sonarqube_config_path | expanduser | realpath }}/docker-compose.yml" - state: absent - when: docker_compose_file.stat.exists + path: "{{ sonarqube_config_path | expanduser | realpath }}/docker-compose.yml" + state: "absent" + when: "docker_compose_file.stat.exists" diff --git a/molecule/default/converge.yml b/molecule/default/converge.yml index e96290f..85f856a 100644 --- a/molecule/default/converge.yml +++ b/molecule/default/converge.yml @@ -1,5 +1,5 @@ --- -- name: Converge - hosts: sonarqube_group +- name: "Converge" + hosts: "sonarqube_group" roles: - role: "laurivan.sonarqube" diff --git a/molecule/default/destroy.yml b/molecule/default/destroy.yml index 44290b5..433b5c6 100644 --- a/molecule/default/destroy.yml +++ b/molecule/default/destroy.yml 
@@ -1,27 +1,27 @@ --- -- name: Destroy - hosts: localhost - connection: local +- name: "Destroy" + hosts: "localhost" + connection: "local" gather_facts: false no_log: "{{ molecule_no_log }}" tasks: # Developer must implement. - - name: Remove the docker image + - name: "Remove the docker image" community.docker.docker_container: - name: sonarqube - state: absent + name: "sonarqube" + state: "absent" # Mandatory configuration for Molecule to function. - - name: Populate instance config + - name: "Populate instance config" ansible.builtin.set_fact: instance_conf: {} - - name: Dump instance config + - name: "Dump instance config" ansible.builtin.copy: content: | # Molecule managed {{ instance_conf | to_json | from_json | to_yaml }} dest: "{{ molecule_instance_config }}" mode: 0600 - when: server.changed | default(false) | bool + when: "server.changed | default(false) | bool" diff --git a/molecule/default/molecule.yml b/molecule/default/molecule.yml index 37e904b..592d3f7 100644 --- a/molecule/default/molecule.yml +++ b/molecule/default/molecule.yml 
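Review bot: `mode: 0600` on the "Dump instance config" task is left as a bare number while every other scalar in the file is now quoted. Ansible's guidance is to pass file modes as strings, `mode: "0600"`, so the value does not depend on how the YAML loader treats a leading zero. The same applies to `mode: 0755` on the Goss download task in `molecule/default/verify.yml`. Separately, `server` in the `when:` expression is not registered anywhere in the visible play, so the condition presumably always falls back to `default(false)` and the task never runs.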
@@ -1,37 +1,37 @@ --- dependency: - name: galaxy + name: "galaxy" options: ignore-certs: true ignore-errors: true - role-file: molecule/requirements.yml - requirements-file: molecule/requirements.yml + role-file: "molecule/requirements.yml" + requirements-file: "molecule/requirements.yml" driver: - name: docker + name: "docker" lint: | yamllint . ansible-lint . platforms: - - name: sonarqube + - name: "sonarqube" groups: - - sonarqube_group + - "sonarqube_group" image: "geerlingguy/docker-${MOLECULE_DISTRO:-centos8}-ansible:latest" privileged: true pre_build_image: true capabilities: - - SYS_ADMIN + - "SYS_ADMIN" tmpfs: - - /tmp - - /run - - /run/lock + - "/tmp" + - "/run" + - "/run/lock" volumes: - '/sys/fs/cgroup:/sys/fs/cgroup:ro' - '/var/run/docker.sock:/tmp/docker_mounted.sock' command: '/lib/systemd/systemd' stop_signal: 'RTMIN+3' provisioner: - name: ansible + name: "ansible" playbooks: - converge: ${MOLECULE_PLAYBOOK:-converge.yml} + converge: "${MOLECULE_PLAYBOOK:-converge.yml}" verifier: - name: ansible + name: "ansible" diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml index 97c6914..cc735eb 100644 --- a/molecule/default/prepare.yml +++ b/molecule/default/prepare.yml 
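Review bot: The `dependency.options` block keeps `ignore-certs: true` and `ignore-errors: true`, so roles are fetched from Galaxy without TLS certificate validation and a failed fetch is not reported. The fetched role (`geerlingguy.docker`, unversioned in `molecule/default/requirements.yml`) then runs inside a container that is `privileged: true` and has the host's `/var/run/docker.sock` mounted, so a tampered download would reach the host Docker daemon. Suggest `ignore-certs: false`, `ignore-errors: false` and a `version:` pin on the role. Note also that `role-file` points at `molecule/requirements.yml` while the file changed in this commit lives at `molecule/default/requirements.yml`; with errors ignored, a wrong path would go unnoticed.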
@@ -1,38 +1,38 @@ --- -- name: Setup the test machine - hosts: sonarqube +- name: "Setup the test machine" + hosts: "sonarqube" tasks: - - name: Check if /var/run/docker.sock already exists + - name: "Check if /var/run/docker.sock already exists" ansible.builtin.stat: path: "/var/run/docker.sock" - register: docker_sock_stat + register: "docker_sock_stat" - - name: Create docker.sock + - name: "Create docker.sock" ansible.builtin.raw: touch /var/run/docker.sock become: true changed_when: false - when: not docker_sock_stat.stat.exists + when: "not docker_sock_stat.stat.exists" - - name: Move docker.sock from tmp + - name: "Move docker.sock from tmp" ansible.builtin.raw: > mount --move /tmp/docker_mounted.sock /var/run/docker.sock become: true changed_when: false - when: not docker_sock_stat.stat.exists + when: "not docker_sock_stat.stat.exists" - - name: Update apt cache. + - name: "Update apt cache." ansible.builtin.apt: update_cache=yes cache_valid_time=600 - when: ansible_os_family == 'Debian' + when: "ansible_os_family == 'Debian'" - - name: Install python requests + - name: "Install python requests" ansible.builtin.pip: name: - - requests - - docker - - docker-compose + - "requests" + - "docker" + - "docker-compose" - - name: Install docker + - name: "Install docker" vars: docker_service_manage: false ansible.builtin.include_role: - name: geerlingguy.docker + name: "geerlingguy.docker" diff --git a/molecule/default/requirements.yml b/molecule/default/requirements.yml index a6284de..f51f987 100644 --- a/molecule/default/requirements.yml +++ b/molecule/default/requirements.yml @@ -1,4 +1,4 @@ --- roles: - - geerlingguy.docker + - "geerlingguy.docker" collections: [] diff --git a/molecule/default/tests/test_app.yml b/molecule/default/tests/test_app.yml index 38a1eea..7557ed4 100644 --- a/molecule/default/tests/test_app.yml +++ b/molecule/default/tests/test_app.yml 
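Review bot: The "Update apt cache." task still passes its arguments as a `key=value` string (`ansible.builtin.apt: update_cache=yes cache_valid_time=600`), the only task in this play not written as a YAML mapping. Rewriting it as a mapping with `update_cache: true` and `cache_valid_time: 600` lets the linter type-check the arguments and matches the rest of the file. The `pip` task below it installs `requests`, `docker` and `docker-compose` without version constraints, so test runs are not reproducible; pinning them is worth considering.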
@@ -1,12 +1,6 @@ --- -## TODO: Remember to adapt goss tests to your convenience +http: + "http://localhost:{{ sonarqube_http_port }}/": + status: 200 -## Check if ports are really exposed -# port: -# # Check port at IPv6 -# # https://github.com/aelsabbahy/goss/issues/177 -# tcp6:: -# listening: true -# ip: -# - '::' diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index eaf55cc..a6c32f4 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml 
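Review bot: The new check asserts only `status: 200` on the root URL, which confirms that something answers on `sonarqube_http_port` but not that SonarQube has finished starting. SonarQube exposes `/api/system/status`, whose JSON reports `UP` once the server is operational; pointing the check there and adding a `body:` matcher for `UP` would make the test meaningful. The verify play runs `goss validate` once with no retry option, so a slow start may also need `--retry-timeout` on that command.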
@@ -3,57 +3,57 @@ # Tests need distributed to the appropriate ansible host/groups # prior to execution by `goss validate`. -- name: Verify sonarqube +- name: "Verify sonarqube" hosts: - - sonarqube + - "sonarqube" become: true vars: - goss_version: v0.3.16 - goss_arch: amd64 - goss_dst: /usr/local/bin/goss - goss_sha256sum: 827e354b48f93bce933f5efcd1f00dc82569c42a179cf2d384b040d8a80bfbfb + goss_version: "v0.3.16" + goss_arch: "amd64" + goss_dst: "/usr/local/bin/goss" + goss_sha256sum: "827e354b48f93bce933f5efcd1f00dc82569c42a179cf2d384b040d8a80bfbfb" goss_url: "https://github.com/aelsabbahy/goss/releases/download/{{ goss_version }}/goss-linux-{{ goss_arch }}" - goss_test_directory: /tmp - goss_format: documentation + goss_test_directory: "/tmp" + goss_format: "documentation" vars_files: - - ../../defaults/main.yml + - "../../defaults/main.yml" tasks: - - name: Download and install Goss + - name: "Download and install Goss" get_url: url: "{{ goss_url }}" dest: "{{ goss_dst }}" checksum: "sha256:{{ goss_sha256sum }}" mode: 0755 - register: download_goss - until: download_goss is succeeded + register: "download_goss" + until: "download_goss is succeeded" retries: 3 - - name: Copy Goss tests to remote + - name: "Copy Goss tests to remote" template: src: "{{ item }}" dest: "{{ goss_test_directory }}/{{ item | basename }}" with_fileglob: - "tests/test_*.yml" - - name: Register test files + - name: "Register test files" shell: "ls {{ goss_test_directory }}/test_*.yml" - register: test_files + register: "test_files" - - name: Execute Goss tests + - name: "Execute Goss tests" command: "{{ goss_dst }} -g {{ item }} validate --format {{ goss_format }}" - register: test_results + register: "test_results" with_items: "{{ test_files.stdout_lines }}" ignore_errors: true - - name: Display details about the Goss results + - name: "Display details about the Goss results" debug: msg: "{{ item.stdout_lines }}" with_items: "{{ test_results.results }}" - - name: Fail when tests fail + - 
name: "Fail when tests fail" fail: msg: "Goss failed to validate" - when: item.rc != 0 + when: "item.rc != 0" with_items: "{{ test_results.results }}" diff --git a/sonar-project.properties b/sonar-project.properties index cabf5c3..8c12258 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -2,6 +2,7 @@ sonar.projectKey=ansible-role-sonarqube sonar.projectVersion=v1.1.4 sonar.projectName=ansible-role-sonarqube +sonar.ansible-lint=.ansible-lint sonar.language=ansible,yaml sonar.sources=. sonar.host.url=http://10.0.0.27:39000 diff --git a/tasks/config.yml b/tasks/config.yml index 297007a..ae75bbb 100644 --- a/tasks/config.yml +++ b/tasks/config.yml @@ -1,7 +1,7 @@ --- - name: "SONARQUBE | Set up directories" ansible.builtin.file: - state: directory + state: "directory" path: "{{ item }}" owner: "{{ ansible_effective_user_id }}" group: "{{ ansible_effective_group_id }}" @@ -9,7 +9,7 @@ with_items: - "{{ sonarqube_skeleton_paths }}" tags: - - sonarqube_configure + - "sonarqube_configure" become: true - name: "SONARQUBE | Write configuration files" @@ -20,7 +20,7 @@ with_items: - "{{ sonarqube_configuration_files }}" tags: - - sonarqube_configure + - "sonarqube_configure" - name: "SONARQUBE | Set up nofiles and nproc for ansible user" community.general.pam_limits: 
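Review bot: The verify play copies its tests into `goss_test_directory: "/tmp"` and then runs every file matched by `ls {{ goss_test_directory }}/test_*.yml` through goss under `become: true`. Any `test_*.yml` already present in that world-writable directory is therefore executed as root too, and goss files can carry `command:` checks. Using a dedicated directory created with `mode: "0700"` would close that gap, as would looping over the files the template task just wrote instead of globbing with `shell`. The tasks here also use short module names (`get_url`, `template`, `shell`) where the other playbooks use fully qualified ones.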
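Review bot: `sonar.host.url=http://10.0.0.27:39000` at the end of the `sonar-project.properties` hunk hard-codes an internal address and uses plain HTTP. The scanner's analysis token would cross the network unencrypted, and the committed file exposes internal topology to anyone with repository access. Prefer leaving the URL out of the committed file and supplying it at scan time, for example through the `SONAR_HOST_URL` environment variable or `-Dsonar.host.url=`, pointing at an HTTPS endpoint.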
@@ -33,20 +33,26 @@ # Type "-" for enforcing both soft and hard resource limits together for more details read `man limits.conf`. - { limit_type: '-', limit_item: 'nofile', value: "{{ sonarqube_nofile }}" } - { limit_type: '-', limit_item: 'nproc', value: "{{ sonarqube_nproc }}" } + tags: + - "sonarqube_configure" become: true - name: "SONARQUBE | Set up the max files" ansible.posix.sysctl: - name: fs.file-max + name: "fs.file-max" value: "{{ sonarqube_fs_file_max }}" - state: present + state: "present" reload: true + tags: + - "sonarqube_configure" become: true - name: "SONARQUBE | Set up the VM max_map_count" ansible.posix.sysctl: - name: vm.max_map_count + name: "vm.max_map_count" value: "{{ sonarqube_vm_max_map_count }}" - state: present + state: "present" reload: true + tags: + - "sonarqube_configure" become: true diff --git a/tasks/install.yml b/tasks/install.yml index fe6382d..e6475e7 100644 --- a/tasks/install.yml +++ b/tasks/install.yml @@ -4,4 +4,4 @@ project_src: "{{ sonarqube_config_path | expanduser | realpath }}" build: false tags: - - sonarqube_install + - "sonarqube_install" diff --git a/tasks/main.yml b/tasks/main.yml index 94a79a0..9cad4db 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,11 +1,11 @@ --- - name: "SONARQUBE | Configure" - ansible.builtin.import_tasks: config.yml + ansible.builtin.import_tasks: "config.yml" tags: - - sonarqube_configure + - "sonarqube_configure" - name: "SONARQUBE | Install" - ansible.builtin.import_tasks: install.yml + ansible.builtin.import_tasks: "install.yml" tags: - - sonarqube_install + - "sonarqube_install"
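Review bot: The `tags: - "sonarqube_configure"` blocks added to the three tasks in this `tasks/config.yml` hunk duplicate the tag that `tasks/main.yml` already sets on `ansible.builtin.import_tasks: "config.yml"`, since tags on a static import are inherited by every imported task. They are harmless, and useful only if `config.yml` is ever pulled in through another path. A one-line comment saying so, or dropping them, would avoid the impression that untagged tasks in this file are skipped. The first task of the hunk begins above the visible lines.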